It's a fact that most crimes are committed by people known to their victims. Similarly, businesses are most at risk from former and current employees. Most commonly when thinking about information security we consider how to prevent intrusion into our business from the outside. The facts and statistics tell a different story. 62% of large businesses in the UK (source: DTI/PWC Insider Threat Report 2006) have dealt with a security incident instigated by a current or former employee.
I've been writing up some of my research into insider threats in the form of a paper describing the risks posed to a fictional multinational company, Acme Widgets plc.
You can download the paper for free here. If you'd like to leave me feedback or would like more information about insider threats, write to the email address within the digital signature at the end of the document.
If you'd like to make a donation in return for downloading the paper, please give to Children in Need.
Comments (2)
How can a THREAT be the biggest RISK?
Shouldn't one of the 'threats' be the biggest one?
Mixing up basic terminology sure gives security a bad name (and supports the idea that "security is some kind of black art") in the eyes of many IT and non-IT people ....
Posted by Anton Chuvakin | May 12, 2008 6:59 PM
Posted on May 12, 2008 18:59
Thanks Anton - yes, I know. The title could probably have been expressed slightly better. It's supposed to represent my view that the greatest risks evolve from insider threats...make sense?
Posted by Stuart King | May 12, 2008 7:47 PM
Posted on May 12, 2008 19:47